Microsoft said in a report earlier this month that an Iran-linked hacker group had disrupted the BBC and a number of other European TV streaming services in the United Kingdom, United Arab Emirates and Canada, adding that Hamas' , pointed out that cyberattacks by Iran are accelerating significantly. attack on Israel. The show was interrupted by a fake news report about Gaza featuring graphic images and what appeared to be an AI-generated anchor. This is the first time Iran has used AI in influence operations in this way.
Publication of:
4 minutes
The US tech giant said the hacker attack occurred in early December and highlighted “the rapid and significant expansion of Iran's operational reach since the beginning of the Israel-Hamas conflict.”
The fake news broadcast focused on Israeli operations in Gaza and was accompanied by a banner that read: “We have no choice but to hack to get this message to you.”
The AI newscaster went on to present graphic and unverified images of Palestinians, including women and children, allegedly killed or injured by Israeli forces in the Gaza Strip.
“At around 10.30pm I was watching BBC News when the program suddenly interrupted and harrowing footage of Palestine appeared on the screen instead. The screen froze and a message from the hacker appeared on a green background. It popped up in all caps and I was transfixed. Shortly after this, there was a news bulletin with an AI anchor. It was surreal and scary,” a Dubai resident told Khaleej Times.
Another user interviewed by the paper said they were unable to protect their children from the graphic images that suddenly appeared on their TV screens.
“No matter which channel I switched to, I saw the same content,” she said.
Microsoft's Threat Analysis Center (MTAC) said in a Feb. 8 report that the disruption also extends to viewers in the United Kingdom and Canada.
MTAC attributed the attack to Cotton Sandstorm, a group previously identified as “Iranian state actors sanctioned by the U.S. Treasury Department for attempting to undermine the integrity of the 2020 U.S. presidential election.” Ta.
AI is a “key component”
Microsoft said the group, which called itself “For Humanity” during the operation, published a video on the messaging app Telegram showing how it hacked three online streaming services and broadcast “some The news channel said it showed how confusing it was.
It added that this was “the first Iranian influence operation in which Microsoft discovered that AI played a significant role in message delivery.”
Since the start of the war, Microsoft said it had focused on cooperation between groups linked to Iran, particularly between groups associated with Iran's Ministry of Intelligence and Security and “Hezbollah's cyber forces.”
Fabrice Popineau, an AI expert who teaches and researches at France's prestigious engineering school Centrale Spélec, said the attack was quite a feat. “The achievement is not so much the production of the AI-generated newscast, but the fact that we were able to insert it in the right place,” he said.
Nicholas Arpazian, vice president of cybersecurity firm Headmind Partners, also pointed to the technical aspects of how the group attacked streaming services.
“The cyber attack did not directly target the TV channel, but rather its operator, the receiver rather than the sender,” he explained.
Arpazian said this type of attack, which displays graphic photos and videos, falls into a special category of propaganda known as “agit prop” aimed at provoking emotional reactions and political agitation. It is said that it will be done.
“As soon as people can feel that and experience it in their own homes and in their privacy, the goal will be achieved,” he said.
Rapid increase in cyber attacks by Iran
Iran's increased hacking and influence activity underscores the regime's desire to demonstrate that it can attack anywhere at any time. Microsoft said it was only tracking nine Iranian-linked groups operating in Israel during the first week of the war, but that number had grown to 14 just two weeks into the conflict.
It also said that Iranian cyber influence activity jumped from about one case “every other month” in 2021 to 11 cases in October 2023 alone.
Last November, these Iranian-backed groups began expanding their attacks beyond Israel to include Israel's allies. Targets also included water utilities in several small U.S. towns, including in Pennsylvania, where Aliquippa Water Authority officials were stunned to discover that their industrial controls had been hacked. . The following message appeared on the device screen: “You have been hacked. Defeat Israel. Any equipment 'made in Israel' is a legitimate target of the Cyber Avengers.” The Cyber Avengers belong to the Revolutionary Guards, the main branch of Iran's armed forces. doing.
This particular attack is notable in that it targeted programmable logic controllers (PLCs), which are commonly used in factory automation processes such as robotized machines and assembly line devices. Therefore, such attacks can significantly disrupt operations and cause significant damage depending on the affected industry.
US police have launched an investigation into the attack.
This article has been edited from the French original.
